VP of Security

About The Position

Requirements

• 10+ years of experience as an Information Security Director, preferably in a SaaS or Medical company.
• Extensive knowledge of network and cloud infrastructure security and best practices.
• Security governance and risk management experience.
• Healthcare security background (HIPAA, FDA, GDPR) preferred.
• Prior experience and deep knowledge in implementing and maintaining HiTrust, PCI, ISO27001, SOC2, SOX and HIPAA.
• Strong knowledge of current and emerging cyber security risks (primarily on web and cloud), and modern risk management methods and solutions.
• Knowledge of application security standards and frameworks such as OWASP
• Ability to influence others and work at all levels and departments across the organizational and with external vendors and partners.
• In-depth knowledge of Security standards (ISO27001, HiTrust, PCI) and Privacy regulations (GDPR, CCPA, ISO27701, HIPAA).
• Fluent English both written and verbal.
• Experience with the AWS ecosystem.
• Experience with large-scale systems.

Nice To Haves

• Cybersecurity certifications (e.g., CISSP, CISA, CFE) preferred.

Responsibilities

• Drives the enterprise security strategy, roadmap, and KPIs set in collaboration CCO and Fractional CISO.
• Define acceptable risk levels in partnership with business leaders and ensure security investments are aligned to organizational priorities.
• Oversee the development, implementation, and ongoing management of security capabilities including security architecture, engineering, and operations.
• Direct and coordinate with key stakeholders (e.g. IT, R&D, Product Development, DevOps) to ensure technology solutions incorporate sound security design and governance principles.
• Define and govern security best practices, guidelines, and patterns and ensure these are embedded within business and IT processes.
• Ensure security architecture and operations align with relevant regulatory and industry frameworks including HIPAA, HITRUST, NIST CSF, SOC 2 Type II, ISO 27001, and FDA requirements. Partner with Compliance on ISMS control ownership, audit evidence, and continuous monitoring.
• Provide security oversight and subject matter input across Dario's secure software development lifecycle, serving as the security liaison to ensure business requirements translate into secure specifications.
• Oversee the build-out and continuous improvement of security operations including vulnerability management, logging and monitoring, SIEM, detection engineering, and incident readiness and response.
• Ensure proper configuration, maintenance, and operation of the security tooling stack (e.g. SAST/DAST, CSPM, EDR, IAM integrations, secrets management).
• Define and continuously measure security benchmarks and KPIs.